-5

Mp3blaster is a terminal mp3 player running on a UNIX-like operating system, e.g. Linux, Free/Net/OpenBSD, etc. I usually use this player for playing my music, but yesterday I found a blog which claims that there is an exploitable 0day.

1) The vulnerability is found in file main.cc. This is the code:


    void
    warning(const char *txt, ... )
    {
        va_list ap;
        char buf[1025];
        mw_clear();
        move(LINES-2,1);
        attrset(COLOR_PAIR(CP_ERROR)|A_BOLD);
        va_start(ap, txt);
        /* txt is handed to vsnprintf() as the format string */
        vsnprintf(buf, 1024, txt, ap);
        va_end(ap);
        addnstr(buf, (COLS > 14 ? COLS - 14 : 1));
        attrset(COLOR_PAIR(CP_DEFAULT)|A_NORMAL);
        refresh();
    }


The vsnprintf() function uses the txt parameter as the format string. warning() is called from fw_convmp3(), a function that is invoked when the user wants to convert a WAV file to MP3 format:


    void
    fw_convmp3(const char *tmp, void *args)
    {
        char **selitems;
        ...
        ...
        if (!(decoder = new Mpegfileplayer(Fileplayer::AUDIODRV_OSS)) ||
            !decoder->openfile(file,
            file2write, WAV) || !decoder->initialize(NULL))
        {
            sprintf(bla, "Decoding of %s failed.", selitems[i]);
            /* bla, which now embeds the file name, is passed as the format string */
            warning(bla);


selitems[i] contains the name of the file that the user wishes to convert. The bug can be reproduced as follows: a blank file named "% n.mp3" is created, F1 is pressed within mp3blaster to select it, and F6 is then pressed to invoke the conversion function; the program will ask for a WAV directory to save the converted file; press ENTER et voilà!

2) Examples

Figure 1: The file that exploits the bug was selected

Figure 2: When it comes to saving with F6, the bug occurs

Figure 3: Exploiting the bug

So my question is:
How can this vulnerability affect my operating system?

For example:
If I download free mp3s from any legal site and some song comes modified like in the above example, is it possible to load a keylogger or trojan into my OS?

Information Source: elladodelmal blog

Deus
  • 1
    Flagged as spam, since you post a link to a possibly infected site. What's more, it seems to be in Castellano instead of English. – Deer Hunter Feb 12 '14 at 11:49
  • This blog is famous enough in Spain. Plus its owner is Chema Alonso, a security professional. So you people can't use Google Translate? – Deus Feb 12 '14 at 11:56
  • 4
    @Deus while we can, your question is already off topic, regardless if the link is spammy or not. While you question if we can use Google translate, I'm questioning if you even bothered reading the scope of the website on the about pages. – Lucas Kauffman Feb 12 '14 at 12:14
  • There may be a bit of this question that is on topic, but overall, it is opinion based. You could try asking a specific question around the risks from particular file formats. – Rory Alsop Feb 12 '14 at 15:37
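
The pattern described in the question, as an added example that is not part of the original post or of mp3blaster's code: the same message is built once the way `fw_convmp3()` does it and once with a constant format string, and the two results are compared. `warning_to`, `report_vulnerable`, `report_fixed` and `name_was_interpreted` are hypothetical names, a buffer replaces the curses output, and the sample file names are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the page's warning(): same vsnprintf() call, but the result
 * goes to a caller buffer instead of the curses screen (assumption).
 * Declaring it with __attribute__((format(printf, 3, 4))) lets GCC/Clang
 * -Wformat-security flag the call in report_vulnerable(). */
static void warning_to(char *out, size_t outlen, const char *txt, ...)
{
    va_list ap;
    va_start(ap, txt);
    vsnprintf(out, outlen, txt, ap);
    va_end(ap);
}

/* Pattern from fw_convmp3(): the file name is baked into the string that is
 * then used as the format. snprintf() is used here only to bound the demo. */
static void report_vulnerable(char *out, size_t outlen, const char *name)
{
    char bla[256];
    snprintf(bla, sizeof bla, "Decoding of %s failed.", name);
    warning_to(out, outlen, bla);
}

/* Fix: constant format string; the file name is only ever an argument. */
static void report_fixed(char *out, size_t outlen, const char *name)
{
    warning_to(out, outlen, "Decoding of %s failed.", name);
}

/* Returns 1 if the two paths disagree, i.e. the name was parsed as a format. */
int name_was_interpreted(const char *name)
{
    char a[512], b[512];
    report_vulnerable(a, sizeof a, name);
    report_fixed(b, sizeof b, name);
    return strcmp(a, b) != 0;
}

int main(void)
{
    /* Constructed sample names. "%%" consumes no argument, so the vulnerable
     * path stays well-defined while still showing the second parse. */
    const char *names[] = { "song.mp3", "100%%.mp3" };
    for (size_t i = 0; i < 2; i++)
        printf("%-12s interpreted=%d\n", names[i], name_was_interpreted(names[i]));
    return 0;
}
```

The vulnerable path turns `100%%.mp3` into `100%.mp3`, which shows the file name going through the format parser; the fixed path prints it unchanged.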

1 Answer

1

Vulnerabilities exist in every single operating system. Regardless if it's Linux, Windows, OS X, iOS or even z/OS. Some vulnerabilities are published and exploited openly, others are sold for profit and might never get into daylight.

Is it possible to load a keylogger into your operating system? That will first of all depend on your level of patching, second of all it will depend which files (from which sources) you tend to open. If you download random files from dodgy websites, then it is indeed very much possible that you get infected.

Note that even when you do everything right, install every single patch and have an up to date anti-virus running, there is still a chance that you will get exploited. Always have a backup plan!

Lucas Kauffman